System and method for multi-party validation, authentication and/or authorization via biometrics

US 20040104266A1
Filed: 12/03/2002
Published: 06/03/2004
Est. Priority Date: 12/03/2002
Status: Active Grant

First Claim

Patent Images

1. A computer system for conducting a multi-party electronic transaction, comprising:

circuitry for initiating a multi-party transaction with a party at a client computer by sending a request to a transaction management server;

circuitry, responsive to a policy defined for the transaction, for contacting at least one other client computer associated with at least one other party to the transaction and requesting the parties to provide biometrics signals;

a challenge generator for generating a challenge to all parties to the transaction;

circuitry for receiving the challenge at the client computers and for inserting a response to the challenge into provided biometrics signals; and

circuitry for separating the challenge responses from the biometrics signals at the transaction management server, for verifying temporal synchronicity and persistence of biometrics signals acquisition as specified by the policy and, if the verification is successful, for certifying the authenticity of the parties to the multi-party electronic transaction requested by the initiating party.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for multi-party authentication is described. The multi-party authentication process uses synchronous and persistent biometrics signals received from parties to a transaction, based on a policy, to approve a transaction request. The biometrics signals preferably are expressed as compressed video signals having steganographically inserted challenge response data. Several business applications are described that are based on the multi-party authentication engine.

Citations

41 Claims

1. A computer system for conducting a multi-party electronic transaction, comprising:
- circuitry for initiating a multi-party transaction with a party at a client computer by sending a request to a transaction management server;
  
  circuitry, responsive to a policy defined for the transaction, for contacting at least one other client computer associated with at least one other party to the transaction and requesting the parties to provide biometrics signals;
  
  a challenge generator for generating a challenge to all parties to the transaction;
  
  circuitry for receiving the challenge at the client computers and for inserting a response to the challenge into provided biometrics signals; and
  
  circuitry for separating the challenge responses from the biometrics signals at the transaction management server, for verifying temporal synchronicity and persistence of biometrics signals acquisition as specified by the policy and, if the verification is successful, for certifying the authenticity of the parties to the multi-party electronic transaction requested by the initiating party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A computer system as in claim 1, where provided biometrics signals comprise audio signals representing a voice of a party to the transaction.
  - 3. A computer system as in claim 1, where provided biometrics signals comprise image signals representing a fingerprint of a party to the transaction.
  - 4. A computer system as in claim 1, where provided biometrics signals comprise image signals representing a face of a party to the transaction.
  - 5. A computer system as in claim 1, where provided biometrics signals comprise image signals representing a feature of the eye of a party to the transaction.
  - 6. A computer system as in claim 1, where provided biometrics signals comprise image signals representing the hand geometry of a party to the transaction.
  - 7. A computer system as in claim 1, where provided biometrics signals comprise compressed signals.
  - 8. A computer system as in claim 1, where provided biometrics signals comprise compressed video signals having steganographically inserted challenge response data.
  - 9. A computer system as in claim 1, where the circuitry that inserts the response to the challenge compresses a generated image to create a compressed image with a plurality of frequency components, each with a respective spatial frequency and a respective amplitude;
    - selects a selected set of a plurality of the frequency components having high spatial frequencies and large amplitudes;
      
      randomly selects from the selected set to create a site set; and
      
      partitions an information sequence into one or more portions and using one or more of the portions to modify one of the amplitudes of one of the frequency components in the site set so that the response data is inserted steganographically into compressed image data that is transmitted to the network.
  - 10. A computer system as in claim 9, where the circuitry for separating decompresses the compressed image data to create a plurality of frequency components, each with a respective spatial frequency and a respective amplitude;
    - selects a set comprised of a plurality of the frequency components, the selected set having the frequency components with high spatial frequencies and large amplitudes;
      
      randomly selects from the selected set to create a site set; and
      
      extracts, using one of the amplitudes of one of the frequency components in the site set, one or more portions of the challenge response data.
  - 11. A computer system as in claim 1, where the temporal synchronicity and persistence verification of biometrics signals comprises at least one of identifying, verifying and authenticating biometrics of at least two persons simultaneously.
  - 12. A computer system as in claim 1, where the temporal synchronicity and persistence verification of biometrics signals comprises at least one of identifying, verifying and authenticating biometrics of at least two persons with a prescribed time period.
  - 13. A computer system as in claim 1, where the temporal synchronicity and persistence verification of biometrics signals comprises at least one of identifying, verifying and authenticating biometrics of at least two persons that are sampled within a time period.
  - 14. A computer system as in claim 1, where the temporal synchronicity and persistence verification of biometrics signals comprises at least one of identifying, verifying and authenticating biometrics of at least two persons continuously within a time period.

15. A computer executed method for use in conducting a multi-party electronic transaction, comprising:
- initiating a multi-party transaction with a party at a client computer by sending a request to a transaction management server;
  
  based on a policy defined for the transaction, contacting at least one other client computer associated with at least one other party to the transaction and requesting the parties to provide biometrics signals;
  
  generating a challenge to all parties to the transaction;
  
  receiving the challenge at the client computers and inserting a response to the challenge into provided biometrics signals;
  
  separating the challenge responses from the biometrics signals at the transaction management server and verifying temporal synchronicity and persistence of biometrics signals acquisition as specified by the policy; and
  
  if the verification is successful, certifying the authenticity of the parties to the multi-party electronic transaction requested by the initiating party.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 16. A method as in claim 15, where provided biometrics signals comprise audio signals representing a voice of a party to the transaction.
  - 17. A method as in claim 15, where provided biometrics signals comprise image signals representing a fingerprint of a party to the transaction.
  - 18. A method as in claim 15, where provided biometrics signals comprise image signals representing a face of a party to the transaction.
  - 19. A method as in claim 15, where provided biometrics signals comprise image signals representing a feature of the eye of a party to the transaction.
  - 20. A method as in claim 15, where provided biometrics signals comprise image signals representing the hand geometry of a party to the transaction.
  - 21. A method as in claim 15, where provided biometrics signals comprise compressed signals.
  - 22. A method as in claim 15, where provided biometrics signals comprise compressed video signals having steganographically inserted challenge response data.
  - 23. A method as in claim 15, where inserting comprises compressing a generated image to create a compressed image with a plurality of frequency components, each with a respective spatial frequency and a respective amplitude;
    - selecting a selected set of a plurality of the frequency components having high spatial frequencies and large amplitudes;
      
      randomly selecting from the selected set to create a site set; and
      
      partitioning an information sequence into one or more portions and using one or more of the portions to modify one of the amplitudes of one of the frequency components in the site set so that the response data is inserted steganographically into compressed image data that is transmitted to the network.
  - 24. A method as in claim 23, where separating comprises decompressing the compressed image data to create a plurality of frequency components, each with a respective spatial frequency and a respective amplitude;
    - selecting a set comprised of a plurality of the frequency components, the selected set having the frequency components with high spatial frequencies and large amplitudes;
      
      randomly selecting from the selected set to create a site set; and
      
      extracting, using one of the amplitudes of one of the frequency components in the site set, one or more portions of the challenge response data.
  - 25. A method as in claim 15, where said electronic transaction comprises notarization of an electronic document.
  - 26. A method as in claim 15, where said electronic transaction comprises a wagering transaction.
  - 27. A method as in claim 15, where said electronic transaction comprises a lottery transaction.
  - 28. A method as in claim 15, where said electronic transaction comprises a loan request and approval transaction.
  - 29. A method as in claim 15, where said electronic transaction comprises a loan request, involving a co-guarantor, and approval transaction.
  - 30. A method as in claim 15, where said electronic transaction comprises a request to open a bank locker.
  - 31. A method as in claim 15, where said electronic transaction comprises an electronic polling application.
  - 32. A method as in claim 15, where said electronic transaction comprises an electronic voting application.
  - 33. A method as in claim 15, where said electronic transaction comprises an electronic will application.
  - 34. A method as in claim 15, where said electronic transaction comprises gaining access to a locked space mediated through a wireless mobile communications device.
  - 35. A method as in claim 15, where said electronic transaction comprises an electronic business application involving the participation of a purchaser client and a purchase approval client.
  - 36. A method as in claim 15, where the temporal synchronicity and persistence verification of biometrics signals comprises at least one of identifying, verifying and authenticating biometrics of at least two persons simultaneously.
  - 37. A method as in claim 15, where the temporal synchronicity and persistence verification of biometrics signals comprises at least one of identifying, verifying and authenticating biometrics of at least two persons with a prescribed time period.
  - 38. A method as in claim 15, where the temporal synchronicity and persistence verification of biometrics signals comprises at least one of identifying, verifying and authenticating biometrics of at least two persons that are sampled within a time period.
  - 39. A method as in claim 15, where the temporal synchronicity and persistence verification of biometrics signals comprises at least one of identifying, verifying and authenticating biometrics of at least two persons continuously within a time period.

40. A computer readable computer program carrier, execution of one or more computer programs by at least one computer occurring during a multi-party electronic transaction, said computer program causing, in response to an initiating party at one client computer, an initiation of the multi-party transaction by sending a request to a transaction management server;
- said computer program causing at said transaction management server, based on a policy defined for the transaction, to contact at least one other client computer associated with at least one other party to the transaction for requesting the parties to provide biometrics signals and generating a challenge to all parties to the transaction;
  
  in response to receiving the challenge at the client computers said computer program causing said client computers to insert a response to the challenge into provided biometrics signals;
  
  said computer program further causing said transaction management server to separate the challenge responses from the biometrics signals and to verify temporal synchronicity and persistence of biometrics signals acquisition as specified by the policy and, if the verification is successful, for certifying the authenticity of the parties to the multi-party electronic transaction requested by the initiating party.
- View Dependent Claims (41)
- - 41. A computer readable computer program carrier as in claim 40, where provided biometrics signals comprise compressed video signals having steganographically inserted challenge response data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Dorai, Chitra, Ratha, Nalini K., Bolle, Rudolf M., Noronha, Sunil J.

Granted Patent

US 7,130,452 B2
Time in Patent Office

Days
Field of Search
US Class Current

235/382
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06F 21/645   using a third party

G06F 2221/2103   Challenge-response

G06Q 20/206   comprising security or oper...

G06Q 20/388   using mutual authentication...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G07C 9/00563   using personal physical dat...

G07C 9/37   using biometric data, e.g. ...

Y10S 707/99936   Pattern matching access

Y10S 707/99939   Privileged access

System and method for multi-party validation, authentication and/or authorization via biometrics

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for multi-party validation, authentication and/or authorization via biometrics

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links